Chris Garrigues wrote:
> The prevalence of your attitude is part of why the Internet is as unsecure (I
> don't care what my spell checker says, people are "insecure", networks are
> "unsecure") as it is today.
Sorry you feel that way; personally, I believe that my attitude is why you
have Linux to work with. My attitude is old--from the early days of Unix.
It's simply put: "Do one thing. Do it well." If you're a MTA, you deliver
mail. If you're a MUA, you display and manage mailboxes.
The MTA isn't the security agent. It shouldn't do security on a
per-user basis. It may do filtering as a general thing--but denying
E-mail to root is a solution worse than the problem. And priviliged
users shouldn't be given inappropriate tools--stupid MUAs that violate
security as installed are simply *stupid*.
> If no programmer coded "their idea of security
> into tools", it would be even worse than it is now.
Perhaps; that wasn't my complaint. My argument is that people who
don't understand security shouldn't do it for other people without
consulting with those who do. *That* is certainly why we have the
problems we have today--people *think* they understand security
issues.
> It's already a problem
> that RedHat ships software that doesn't have all the risky things disabled.
What I said.
> Default shipped software should be secure. Then if you know what you are
> doing, you should know how to jump through the necessary hoops to undo that
> security.
What I said.
> As it stands we're jumping through those hoops backwards and the
> many of the people who need to jump through them can't.
What I said.
> BTW, I also don't understand your comment about Micro$oft. One of the
> complaints about microsoft is that they *don't* design in security! If they
> did, fewer people would get "I LOVE YOU" email.
It's what I stated before: The Micro$ofties don't understand security. At
all. But they *think* they should, since they sell software; so they design
bad security. And frankly, bad security is worse than *knowing* you have
no security...
Cheers,
--
Dave "Louisville Slugger security still works first-hand" Ihnat
[EMAIL PROTECTED]
--
To unsubscribe:
mail -s unsubscribe [EMAIL PROTECTED] < /dev/null
